Your message dated Sun, 05 Jan 2014 19:19:04 +0000
with message-id <[email protected]>
and subject line Bug#734304: fixed in movabletype-opensource 5.2.9+dfsg-1
has caused the Debian Bug report #734304,
regarding movabletype-opensource: XSS Security vulnerabilities fixed in 5.2.9
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
734304: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734304
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Source: movabletype-opensource
Severity: important
Version: 5.2.7+dfsg-1
Tags: security

http://movabletype.org/news/2013/11/movable_type_601_529_and_5161_released_to_close_security_vul.html

DETAILS OF THE SECURITY UPDATES

The Rich Text Editor in previous versions of Movable Type 6 and Movable Type 5
is susceptible to cross-site scripting (XSS) attacks. A remote attacker can
inject JavaScript into a page or entry in a Movable Type blog or website. This
JavaScript can be executed on the client browser when that page or entry is
subsequently displayed in the Rich Text Editor.

These vulnerabilities were reported by a member of the Movable Type community,
and were kept confidential until the release of the updated versions of Movable
Type.

5.2.9 is to be found at
http://www.movabletype.jp/downloads/stable/
--- End Message ---
--- Begin Message ---
Source: movabletype-opensource
Source-Version: 5.2.9+dfsg-1
We believe that the bug you reported is fixed in the latest version of
movabletype-opensource, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Dominic Hargreaves <[email protected]> (supplier of updated movabletype-opensource
package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Sun, 05 Jan 2014 19:01:02 +0000
Source: movabletype-opensource
Binary: movabletype-opensource movabletype-plugin-core
Architecture: source all
Version: 5.2.9+dfsg-1
Distribution: unstable
Urgency: low
Maintainer: Debian Movable Type and OpenMelody team
<[email protected]>
Changed-By: Dominic Hargreaves <[email protected]>
Description:
movabletype-opensource - Well-known blogging engine
movabletype-plugin-core - Core Movable Type plugins
Closes: 734304
Changes:
movabletype-opensource (5.2.9+dfsg-1) unstable; urgency=low
.
* New upstream release
- fixes XSS security vulnerabilities (Closes: #734304)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.15 (GNU/Linux)
-----END PGP SIGNATURE-----
--- End Message ---